[Date Prev][Date Next] [Chronological] [Thread] [Top]

FW: passwd extop backend selection (ITS#2851)

I believe we ought to change the passwd extop function to execute mainly in
the frontend. The only thing that is needed is to retrieve the entry, create
the hashes, and then issue a modify on the backend. This would eliminate some
redundancy in the backends...

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

-----Original Message-----
From: owner-openldap-bugs@OpenLDAP.org
[mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of ando@sys-net.it
Sent: Sunday, November 30, 2003 10:48 PM
To: openldap-its@OpenLDAP.org
Subject: passwd extop backend selection (ITS#2851)

Full_Name: Pierangelo Masarati
Version: HEAD
OS: Linux RH
URL: http://www.sys-net.it/~ando/Download/slap-passwd-extop-2003-11-30.patch
Submission from: (NULL) (
Submitted by: ando

passwd_extop() in servers/slapd/passwd.c uses op->o_conn->c_authz_backend
(the authorizing backend) to operate the password change.  This patch uses
the ID field in reqdata, if any, to select the appropriate backend, in
view of using passwd_extop across backends in glued backend pools.

Any drawback or security issue?